﻿using System.Security.Claims;
using System.Web;
using System.Web.Mvc;

namespace Inovout.Membership.Account.WebPage.Controllers
{
    [Authorize]
    public class OAuthController : Controller
    {
        public ActionResult Authorize(string redirect_uri, string scope)
        {
            var authentication = HttpContext.GetOwinContext().Authentication;
            //var ticket = authentication.AuthenticateAsync("Inovout").Result;
            //var identity = ticket != null ? ticket.Identity : null;
            var identity = authentication.User.Identity as ClaimsIdentity;
            if (identity == null)
            {
                authentication.Challenge("Inovout");
                return new HttpUnauthorizedResult();
            }
           
            var scopes = (scope ?? "").Split(' ');
            identity = new ClaimsIdentity(identity.Claims, "Bearer", identity.NameClaimType, identity.RoleClaimType);
            foreach (var allowScope in scopes)
            {
                identity.AddClaim(new Claim("urn:oauth:scope", allowScope));
            }

            authentication.SignIn(identity);
            //Q 跨转RriectUrl写法需调整。
            return View();
        }
    }
}